Restricting user access to home directories

Security expert James Turnbull describes how to restrict user access to home directories through the use of the "chroot" command.

I am using Fedora Core 1.0 on my Web server and have installed VSFTPD on it. If I create an account and give it a home directory (i.e. /var/www/test) and try to access FTP with this account, it goes into the directory /var/www/test. However, if after logging into FTP I press the "back" button, it takes me to the /var/www folder, where the user can see all of the data. How do I restrict the user to access their home directories only?

In order to lock a user into their home directory, you need to look at vsftpd's chroot functionality. You need to edit the /etc/vsftpd/vsftpd.conf configuration file and change the chroot_list_enable option to "yes". Then, specify a file called /etc/vsftpd.chroot and add all the users you wish to chroot to this file.

Or, if you wish all users to be chroot'ed, then you can set the chroot_local_user option to "yes". Chrooting an FTP server can be complicated and have some serious security implications. I recommend you read the vsftpd.conf man page carefully.

This was first published in February 2006
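
An added example, not part of the original answer: a shell check of how the chroot options in vsftpd.conf combine, following the vsftpd.conf man page. chroot_list_file is the option that names the user list (default /etc/vsftpd.chroot_list), and when chroot_local_user is also enabled the list holds the users who are NOT chrooted. The sample files and user names are constructed.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a local user, based on
# chroot_local_user, chroot_list_enable and chroot_list_file.

# conf_get FILE OPTION DEFAULT: value of OPTION, else DEFAULT.
# Assumption: when an option is repeated, the last line wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}
# Boolean options are compared upper-cased; only YES/NO spellings are handled.
conf_bool() { conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]'; }

# is_chrooted CONF USER: prints "jailed" or "not-jailed".
is_chrooted() {
    conf=$1 user=$2
    all=$(conf_bool "$conf" chroot_local_user NO)
    use_list=$(conf_bool "$conf" chroot_list_enable NO)
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    # chroot_local_user=NO : the list names the users to jail.
    # chroot_local_user=YES: everyone is jailed and the list names exceptions.
    case "$all:$listed" in
        YES:no|NO:yes) echo jailed ;;
        *)             echo not-jailed ;;
    esac
}

# Constructed sample files in directory $1 (not taken from the page).
make_sample() {
    printf '%s\n' test alice > "$1/chroot_list"
    printf '%s\n' 'chroot_list_enable=yes' "chroot_list_file=$1/chroot_list" > "$1/list-mode.conf"
    printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' \
        "chroot_list_file=$1/chroot_list" > "$1/all-mode.conf"
    printf '%s\n' 'chroot_local_user=YES' > "$1/all-only.conf"
}

d=$(mktemp -d) && make_sample "$d"
for c in list-mode all-mode all-only; do
    for u in test bob; do
        echo "$c $u: $(is_chrooted "$d/$c.conf" "$u")"
    done
done
```

The all-mode case is the one to watch: adding a user to the list there removes the jail for that user rather than applying it.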
